Vendor Lock-in
Vendor lock-in is the operational and financial cost of replacing a deeply integrated security vendor: re-architecting integrations, retraining staff, migrating data, and breaking long-term pricing. It is mitigated by dual-sourcing critical categories, contract terms (data portability clauses, exit assistance), and architectural decoupling. Tracked as Risk R19 in CISO Game with an exposure offset of 50, meaning it never fully resolves.
Where this term fits in a CISO program
Vendor Lock-in is one of 35 cybersecurity strategy concepts CISO Game models live. It appears throughout the simulation (in the risk register, the investment catalog, and the mechanics reference), so a player encounters the concept in context rather than as an isolated definition.
See it in play
The fastest way to internalize Vendor Lock-in is to watch it move during a 5-year program. Start a free CISO Game run to see how this concept interacts with budget, hiring, and incident response across 20 quarters of strategic play.
Related glossary terms
- Tool Without Team Effectiveness: The 30% effectiveness multiplier applied when you own a security tool but lack t…
- TPRM (Third-Party Risk Management): The discipline of evaluating and continuously monitoring vendors that touch your…